Payment Card Industry Data Security Standards - PCI - DSS
The Payment Card Industry (PCI) Security Standards Council has developed the Payment Card Industry Data Security Standards (PCI DSS), a set of financial and information technology standards, to protect credit cardholder data. PCI DSS governs all merchants and organizations that collect, process, store, or transmit credit card information.
Processing Credit Cards
Georgetown's PCI procedures ensure that departments processing credit card transactions do so in a manner that protects confidential customer data using industry best practices, by well-trained University personnel, and ensures that GU partners also protect customer data appropriately.
PCI requirements apply to all payment card (debit or credit card) transactions and data processed for or on behalf of Georgetown; compliance is a contractual obligation. Non-Compliance can result in fines or inability to continue accepting funds.
In order to effectively manage, control, and support PCI compliance, the University has established campus based Service Centers, through which all card processing and PCI compliance is administered. Each Campus is responsible for managing credit card processing and PCI compliance through central Service Centers and specialized Service Centers. Oversight of PCI Compliance is from Financial Affairs.
All Service Centers and merchants are subject to an annual internal PCI Audit and an internal or external PCI assessment. Further requirements and documentation are outlined in the PCI Service Center materials.
Service Centers and Coordinators
Central Service Center- Josh Ford
Student Affairs - Dustin Musser
School of Continuing Studies - Heather Malneritch
GU-Q - Shaida Sonde
Central Service Center – Victoria Kromer-Crooke
Central Service Center - Cora Osborne
CLE - Simona Rosu
Central Service Center - Jon Hendrix
Advancement - Kishan Kariawasam
Office of Billing and Payments - Rico Headly-Soto
Questions about credit card processing can be directed to the appropriate coordinator, or to firstname.lastname@example.org.
Payment Card Industry (PCI) Training
Annual PCI Training is required for all authorized credit card processors.